Earlier this month, the Anti-Malware Testing Standards Organization (AMTSO) published new guidelines on the delicate topic of testing anti-malware products. Since then, many experts in the anti-malware industry have been commenting on the said guidelines. Many of these comments (including some from myself), have been summed up by tech blogger Kevin Townsend here .

Go here to read the rest:
What the New AMTSO Guidelines Mean for Users

Nowadays, hardware have become so cheap that cybercriminals can easily reproduce fake point-of-sale (POS) devices that can be used to skim data from credit and debit cards.

Link:
For Sale: Fake POS Devices

Chinese PC manufacturer Lenovo is the latest high-profile company to be compromised. Sometime over the past weekend, its support pages, which allowed users to download drivers and manuals, were compromised with the addition of a malicious iframe. The website in this malicious iframe led to the download of a BREDOLAB variant detected as TROJ_BREDOLAB.BY .

Read more:
Lenovo Support Page Compromise Leads to BREDOLAB

Following Microsoft’s recent Patch Tuesday, Oracle , too, released 47 security fixes for its products. Oracle’s critical patch update for April can be found in Oracle Critical Patch Update Advisory—April 2010 . Oracle’s update is a collection of patches for multiple security vulnerabilities , which also includes patches for Sun products

Read the original post:
Oracle Issues New Patches While a New Java Bug Emerges

In recent years, the music and movie industries have become more aggressive in suing users accused of illegally sharing content. Large-scale mass lawsuits, previously used largely in Britain and Germany, have now made their way to the U.S

Link:
“Copyright Violations” Used for a FAKEAV-Like Scam

TrendLabs engineers noted a recent malicious scheme that attempts to spoof an Adobe update but is actually a Trojan variant detected as TROJ_FAYKDOBE.A . This malware bears identical icons and version details to an Adobe update, which enables it to bypass antivirus software and system analysts, and to trick users into believing that it is legitimate. Once executed, TROJ_FAYKDOBE.A drops other malicious files detected as BKDR_VB.JGT , BKDR_VB.JHM , and BKDR_VBBOT.AP .

See the original post:
Malware Spoof an Adobe Update and VPSKeys

Apple Fixes Several Bugs Releasing one of its biggest Mac OS X security updates, Apple fixes 88 vulnerabilities with Security Update 2010-002 / Mac OS X v10.6.3 . The update addresses critical issues that can lead to arbitrary code execution, information disclosure, and denial-of-service (DoS) attacks

View post:
Apple Fixes 88 Bugs as MS Prepares Out-of-Band Patch

News of a twin bombing attack in Russia shocked the world on Monday morning as two female suicide bombers blew themselves up in Moscow subway stations. According to news reports, the attacks killed at least 38 people and wounding more than 60. Jumping a the chance to make profit from terrible events, cybercriminals quickly picked up on the news and used this for their own malicious attacks.

The rest is here:
Moscow Subway Explosions Result to FAKEAV

In February, spammers continued to use the news of the earthquake in Haiti and the recent earthquake in Chile as another vector to utilize.

More here:
Spam and Phishing Landscape: March 2010

Some time ago (February 25–26), the Anti-Malware Testing Standard Organization ( AMTSO ) had its first meeting this year.

See the original post:
Insight: AMTSO’s Reviews